Press Releases

Browse our press release archive

10 Sep 2004

MyDoom worm creators ask for job in anti-virus industry, Sophos reports

The MyDoom-V and MyDoom-U worms contain a message from their authors
Embedded inside the worms is a message to the anti-virus community.

The creators of the latest versions of the MyDoom email worm have embedded a secret message inside their code, asking for a job in the anti-virus industry, researchers at Sophos have discovered.

The W32/MyDoom-V and W32/MyDoom-U worms spread via email in the form of an email file attachment. If innocent users launch the malicious file, the worms activate and may attempt to download a backdoor Trojan horse called Surila.

Hidden inside these worm's code is a message which does not get displayed on infected users' computers:

We searching 4 work in AV industry.

"It's hard to tell if the creators of these new versions of the MyDoom worm are being serious, but there is no way that anybody in the anti-virus industry would touch them with a bargepole," said Graham Cluley, senior technology consultant for Sophos. "It's very simple - if you write a virus, we will never ever employ you. Not only is it unethical to write malicious code, but it raises issues as to whether you could ever be trusted to develop the software which protects millions of users around the world from attack every day."

Sophos believes the skills required to write reliable anti-virus software are very different from those shown by a virus writer.

"Anti-virus software is much more difficult to write than a computer virus. Anti-virus developers have to ensure that their software works reliably, detecting over 90,000 computer viruses on a wide variety of operating systems and network configurations without making mistakes or causing problems. Virus writers don't care if their code crashes or causes incompatabilities - you don't have to be a genius to write a virus," continued Cluley.

Although the MyDoom-V and MyDoom-U worms were only discovered on 9 September 2004, Sophos anti-virus products have been capable of detecting them proactively through its generic detection capabilities as W32/MyDoom-Gen since 27 August 2004.

"Sophos's proactive detection of the new versions of these worms demonstrates the high quality of the work done by our research and development teams. Technology like this has made the Sophos product line the ideal choice for businesses around the globe," said Cluley.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.